CVE-2021-27103

Name of the Vulnerable Software and Affected Versions Accellion FTA versions 9 12 411 and earlier

Description The issue is related to insufficient validation of incoming requests, allowing a remote attacker to perform a Server-Side Request Forgery (SSRF) attack. This can be achieved by sending a crafted POST request to the "wmProgressstat.html" endpoint. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Accellion FTA versions 9 12 411 and earlier, update to version FTA 9 12 416 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wmProgressstat.html" endpoint to minimize the risk of exploitation.